SCRM Program Manager

Description

Job Description:

The position of DHS CISO Supply Chain Risk Program Manager will manage the functional area’s risk and opportunity planning, analysis and reporting to include NIST and Cybersecurity supplier due diligence and monitoring, source code analysis, CMMC, and program management office policies, as well as knowledge of SC risk elements of FAR and DFARS. The position will lead the development of SC policy development, support change management efforts across the component, and create training programs to ensure adoption. 

The program focuses on the following continuous and iterative steps:

Frame risk – establish the context for risk-based decisions and the current state of the information system or supply chain infrastructure;

Assess risk – review and interpret criticality, threat, vulnerability, likelihood, impact, and related information;

Respond to risk once determined – select, tailor, and implement mitigation controls; and

Monitor risk on an ongoing basis, including changes to information systems or supply chain infrastructure, geo-political concerns and potential impacts, and using effective organizational communications and a feedback loop for continuous improvement;

Monitor, evaluate and interpret - the evolving landscape of Governance, Geo-Political concerns, Risk and Compliance for information technology and information security

The DHS SOC Support Service Program has a critical need for a Supply Chain Risk Manager. This is a full time funded position based in Washington DC.  

• Develop supplier risk assessment protocols, deploy these protocols and conduct supplier audits to assess adherence

• Assess, manage, and report on overall cybersecurity posture of our supply base, to include their security policies, procedures, and standards followed.

• Design, implement, and maintain controls of functional area risks

• Understand current business procedures, problems with those current procedures, and possible solutions that use current modeling technology

• Oversee data gathering, exploration and research into current industry trends, publishing the results to a wide technical, executive audience

• Coordinate with internal/external teams in designing and developing new systems, processes, and procedures for supply risk management

• Stay abreast of emerging cybersecurity trends and communicate risks to supply base

• Stay abreast of current geopolitical risks and concerns and communicate risks to supply base and develop potential mitigation plans

• Communicate cybersecurity risk and awareness training to supply base.

• Identify and incorporate new regulatory and contractual requirements into our supplier management processes and related Information Security infrastructure.

Minimum Requirements Include:

• Bachelor's Degree and 8 -12 years of related experience required, Master’s preferred; in management or supply chain management or engineering or compliance preferred

• Ability to obtain DHS EOD

• Strong knowledge of supply chain fundamentals

• Working knowledge of ISO-27001, NIST 800-53, NIST 800-171 or similar framework

• Prior eight (8) years of experience of working within a supply chain or supplier quality role

• Experience performing supply chain risk assessments to identify and articulate security risks at suppliers

• Understanding of cybersecurity controls to include access control, identification and authorization, incident response, and other preventative and detective measures.

• Experience in working with supplier IT and information security teams to assess, measure, and improve their information security controls to meet internal standards

• Ability to analyze data, draw reasonable conclusions and make recommendations that withstand critical examination Ability to communicate complex analysis to all levels of the organization

• Demonstrated technical project management skills

• Demonstrated capabilities to organize and track your own work, and the work of others

• Demonstrated cross-functional business partnership development

• Clear and concise communication skills, with experience presenting to senior executive levels

• Knowledge of the Federal Acquisition Regulations (FAR)/ Defense Federal Acquisition Regulations (DFAR)/ and other agency FAR supplements

• Proficiency in MS Word, Excel, Project and PowerPoint

• Preferred Qualifications Include:

• Past history developing policies and procedures for compliant procurement in an services environment

• Fundamental understanding of supplier quality management processes SharePoint Administration

• Understand where DoD has been with DICAP, RMF as well as emerging frameworks like the Cybersecurity Maturity Model Certification (CMMC) and its impact on SpaceX supply chain and vendor relations.

External Referral Bonus:

Potential for Telework:

Clearance Level Required:

Travel:

Scheduled Weekly Hours:

Shift:

Requisition Category:

Job Family:

Pay Range:

About Leidos

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 40,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.